Rovlo — AI Recruiting AgentRovlo — AI Recruiting Agent

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: March 26, 2026

At Rovlo, we respect your privacy and are committed to protecting your personal data, along with your organization's data.

1. Who We Are

Rovlo is operated by Vantum Group Limited, registered at 1111B S Governors Av, Ste 39343, Dover, DE 19904, US. The Service provides a cloud-hosted, multi-tenant SaaS recruiting platform that uses artificial intelligence to help organizations find, evaluate, and hire talent.

2. Data Protection Roles

  • Account information: Rovlo acts as the data controller.
  • User-uploaded content (candidate data, pipeline data, documents): Rovlo acts as the data processor; your organization is the controller.

3. Information We Collect

3.1 Information You Provide

  • Account details: name, email address, phone number, profile photo, language, timezone, organization name, and role
  • Content: candidate profiles, search queries, pipeline configurations, outreach messages, interview data, documents, and attachments
  • Support communications and survey responses

3.2 Information Collected Automatically

  • Usage data: IP addresses, device and browser information, timestamps, pages visited, actions taken, and referral URLs
  • Cookies and similar tracking technologies
  • Approximate location derived from IP addresses

3.3 Third-Party Sources

  • Authentication providers (e.g., Google) and identity services
  • Candidate data providers integrated into the platform (e.g., People Data Labs, Lusha)
  • AI processors that receive search queries and candidate data, with instructions not to retain inputs beyond processing

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage account access
  • Process candidate searches and generate AI-powered recommendations
  • Conduct AI interviews and generate analysis reports
  • Send outreach messages on your behalf
  • Personalize your experience and send transactional communications
  • Detect and prevent security threats, fraud, and abuse
  • Comply with legal obligations

Legal Bases (GDPR)

  • Performance of our contract with you
  • Legitimate interests in operating and improving the Service
  • Consent, where required by applicable law
  • Compliance with legal obligations

5. Information Sharing

We do not sell or rent your personal information. We may share data with:

  • Service providers operating under confidentiality contracts (hosting, payment processing, email delivery, analytics)
  • Third-party integrations you explicitly authorize
  • Legal authorities when required by law, regulation, or valid legal process
  • Parties involved in corporate transactions (merger, acquisition, or sale of assets), with advance notice where practicable

6. International Data Transfers

Your data is primarily stored in the United States. Where transfers outside the EEA, UK, or Switzerland occur, we rely on adequacy decisions, EU Standard Contractual Clauses, or the UK International Data Transfer Agreement to ensure appropriate safeguards.

7. Data Security

We implement industry-standard security measures, including:

  • TLS 1.2+ encryption for data in transit
  • AES-256 encryption for data at rest
  • Role-based access controls
  • Audit logging
  • Regular penetration testing
  • Employee training on data protection
  • Incident response procedures

8. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Deleted content is removed from active systems within 30 days and from encrypted backups within 90 days, except where retention is required by law.

9. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

California residents have additional rights under the CCPA/CPRA, including the right to know what data is collected, request deletion, and opt out of the sale of personal information.

To exercise your rights, contact us at legal@rovlo.co

10. Cookies & Analytics

  • Essential cookies: Required for authentication, security, and core functionality
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand usage patterns with aggregated statistics

You can disable non-essential cookies through your browser settings.

11. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

12. Children's Privacy

Rovlo is not directed to children under 16 years of age. We do not knowingly collect personal information from minors. If we become aware of such collection, we will take steps to delete the information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice via email or in-app notification. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

  • Email: legal@rovlo.co
  • Mail: Vantum Group Limited, 1111B S Governors Av, Ste 39343, Dover, DE 19904, US